**Name of the Vulnerable Software and Affected Versions:**
Docker Desktop versions prior to 4.44.3
**Description:**
A critical vulnerability in Docker Desktop allows a local Linux container to reach the Docker Engine API over the configured Docker subnet (by default 192.168.65.7:2375) without any authentication. The endpoint is reachable whether or not Enhanced Container Isolation (ECI) is enabled, and whether or not the "Expose daemon on tcp://localhost:2375 without TLS" option is turned on. Any code running in a container that can issue HTTP requests to this address (a Server-Side Request Forgery style attack from inside the container) can run privileged Engine API operations: creating and controlling containers, managing images, and mounting the host drive into a new container with the privileges of the user running Docker Desktop. On Windows with the WSL2 backend this leads to full host compromise, including reading sensitive files and overwriting system files. On macOS the operating system's safeguards limit the impact on the host, but an attacker still gains control of the Docker Desktop application and all of its containers. The root cause is that the Docker Engine API is exposed to every running container with no authentication.
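The following script is an added example written for this page, not code from Docker or from the advisory. It does two things a practitioner would want when triaging this issue: it parses the Docker Desktop version out of `docker version` output and compares it against the fixed release 4.44.3, and, when run from inside a Linux container, it sends an unauthenticated GET /version to the engine endpoint named above to see whether the API answers. The `docker version` sample embedded below is constructed (the build number is a placeholder), and the assumption that Docker Desktop labels the server section as "Server: Docker Desktop X.Y.Z (build)" is noted in the code.

```python
import json
import re
import urllib.error
import urllib.request
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First Docker Desktop release that closes the issue (from the advisory above).
FIXED_VERSION: Version = (4, 44, 3)
# Engine API endpoint on the default Docker Desktop subnet named in the advisory.
DEFAULT_ENDPOINT = "http://192.168.65.7:2375"

# Assumption: Docker Desktop labels the server half of `docker version` like
# "Server: Docker Desktop 4.44.2 (203248)"; plain Docker Engine has no such line.
_DESKTOP_RE = re.compile(r"Docker Desktop (\d+)\.(\d+)\.(\d+)")

# Constructed sample of `docker version` output on an unpatched host (not captured
# from a real machine; the build number is a placeholder).
SAMPLE_DOCKER_VERSION = """Client:
 Version:           28.3.2
 API version:       1.51

Server: Docker Desktop 4.44.2 (203248)
 Engine:
  Version:          28.3.2
"""


def parse_desktop_version(text: str) -> Optional[Version]:
    """Return the Docker Desktop version found in `docker version` output, or None
    when there is no Docker Desktop marker (for example on plain Docker Engine)."""
    m = _DESKTOP_RE.search(text)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_vulnerable_version(version: Version) -> bool:
    """True when the installed Docker Desktop predates the fixed release.
    Tuple comparison handles two-digit components (4.44.10 > 4.44.3)."""
    return version < FIXED_VERSION


def probe_engine_api(endpoint: str = DEFAULT_ENDPOINT, timeout: float = 3.0) -> Optional[dict]:
    """Run from inside a Linux container: GET /version on the engine endpoint with
    no credentials at all. A JSON body means the Engine API answers unauthenticated
    requests from the container network; None means it was unreachable or refused."""
    try:
        with urllib.request.urlopen(f"{endpoint}/version", timeout=timeout) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except (urllib.error.URLError, OSError, ValueError):
        # URLError covers connection refused and timeouts; ValueError covers a
        # non-JSON reply from something else listening on that port.
        return None


def assess(version: Optional[Version], api_reply: Optional[dict]) -> str:
    """Combine the version check and the live probe into one verdict. A live,
    unauthenticated reply outranks the version string, since it proves exposure."""
    if api_reply is not None:
        return "exposed: engine API reachable from container network without auth"
    if version is not None and is_vulnerable_version(version):
        return "patch required: Docker Desktop older than 4.44.3"
    if version is None:
        return "unknown: no Docker Desktop version marker found"
    return "ok: Docker Desktop 4.44.3 or later"


if __name__ == "__main__":
    import subprocess

    try:
        out = subprocess.run(["docker", "version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        out = ""  # no docker CLI where this runs (e.g. inside a minimal container)
    ver = parse_desktop_version(out)
    print("Docker Desktop version:", ver)
    print(assess(ver, probe_engine_api()))
```

Run the version half on the host (where the `docker` CLI talks to Docker Desktop) and the probe half from inside any Linux container on that host; a JSON reply from 192.168.65.7:2375 with no credentials is the condition the advisory describes, independent of what the version string says.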
**Recommendations:**
Update Docker Desktop to version 4.44.3 or later.